Aruba ClearPass

65
Copyright 2015 Hewlett Packard Enterprise Development LP Horizont 2016 Enable Workplace Productivity Achieving successful digital workplace productivity & Exceeded IT business needs by using HPE and Aruba networking solutions Igor Grčić – HPE & Aruba Networks Sales and partner manager for the Adriatic region and Bulgaria 06. 10. 2016

Transcript of Aruba ClearPass

Page 1: Aruba ClearPass

Copyright 2015 Hewlett Packard Enterprise Development LP

Horizont 2016

Enable Workplace ProductivityAchieving successful digital workplace productivity& Exceeded IT business needs by using HPE and Aruba networking solutions

Igor Grčić – HPE & Aruba Networks Sales and partner manager for the

Adriatic region and Bulgaria

06. 10. 2016

Page 2: Aruba ClearPass

2

Page 3: Aruba ClearPass

CONFIDENTIAL © Copyright 2015. Aruba Networks, an HP Company. All rights reserved

Page 4: Aruba ClearPass

HPE Aruba Products Overview

Cloud networking

Central with REST APIs to share

context and program infrastructure

Policy management

ClearPass with a unified API library

and Extensions repository

Network management

AirWave with northbound XML APIs

for data consumption

Network controls

AOS8 with REST APIs to share

context and program infrastructure

Location analytics

Analytics and Location Engine (ALE) with

northbound REST APIs

Micro-location services

Meridian with mobile app

development SDK and REST

APIs

2930F

Wired Infrastructure

Switches

Wireless Infrastructure

APs, RAPs, Sensors, Beacons…

304/305 Wave 2 207 Wave 1

103/205/215/225 indoor + outdoor

Page 5: Aruba ClearPass

How Aruba Instant works

5

First Access Point configured

Ready …

It becomes the “master” & performs firewall and

controller functions

Set …

New APs automatically connect to the “master” &

download configuration

Go!! Up to 128 AP’s without controller in

local cluster. Instant APs

NO ONSITE IT NEEDED

NETWORK

SURVIVABILITY

Page 6: Aruba ClearPass

AppRF technology

6

On-Board DPI

• Depth - common apps

• Enterprise traffic

Cloud-Based Web Policy

Enforcement

• Breadth - less common

apps

• Web traffic

App category

Individual app

Web category

Web reputation

Allow/deny

QoS

Throttle

Log

Blacklist

GRANULAR VISIBILITY & CONTROL

Prioritize business critical apps

Block inappropriate content

Enforce per user/device/location

Page 7: Aruba ClearPass

REAL-TIME RF CORRELATION

DEVICE TYPE INTERFERENCELOCATION CONGESTION ‘MU-MIMO Aware’

Page 8: Aruba ClearPass

Desk Phones Are So 19th Century

Page 9: Aruba ClearPass

Enterprise reference architecture

Aruba 802.11ac APs

Aruba 7200 Mobility Controller

Aruba 5400R chassis (or Aruba

3810 stacking) Aruba 7200 Mobility Controller

Aruba 2930F Aruba 2930F

Page 10: Aruba ClearPass

10

Gartner Magic Quadrant for the Wired and Wireless LAN Access Infrastructure

This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Aruba, a Hewlett Packard Enterprise company. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties or merchantability or fitness for a particular purpose.

Source: Gartner Magic Quadrant for the Wired and Wireless LAN Access InfrastructureAugust 2016. Tim Zimmerman, Christian Canales, Bill Menezes, Danilo CiscatoID Number: G00291908

Page 11: Aruba ClearPass

11

So we got the

Best and actually

saved money???

Page 12: Aruba ClearPass

12

Page 13: Aruba ClearPass

13

Page 14: Aruba ClearPass

Switching That Meets the Needs of Today and Tomorrow

Gigabit Access Multi-Gig Access

Aruba 2920 Aruba 3810 Aruba 5400

POE+

SDN Ready

Smart Rate

Multi-Gig Ports

Aruba 2530

AirWave &

ClearPass

Stacking VSF

Aruba 2930F

Page 15: Aruba ClearPass

Broad 802.11ac Aruba Instant PortfolioModel Location Performance Density Vertical

200 Series Indoor Moderate Moderate

(50 active)

K-12

Retail

Hospitality

210 Series Indoor HighModerate

(75 active)

Carpeted space

Hospitality - Lobby

220 Series Indoor HighHigh

(125+ active)

Lecture Halls

Venues

310 Series Indoor HighModerate

(75 active)

Carpeted space

across verticals

320 Series Indoor HighHigh

(125+ active)

Higher Ed

Venues

330 Series Indoor Very HighHigh

(125+ active)

Higher Ed

Venues

270 Series Outdoor HighHigh

(125+ active)Outdoor

Page 16: Aruba ClearPass

207 Series Access PointsMaking fast 802.11ac affordable for everyone

• Dual radio 2x2:2SS VHT160

• 5GHz: 867Mbps max, 2.4GHz: 400Mbps max

• Support for approved 5GHz bands in the future

• Transmit Beamforming and Advanced Cellular Coexistence

• Integrated BLE radio: locationing, beacon management

• Temperature range: 0C to +50C

• 1x GbE, 802.3af POE / 12Vdc, ~12W max

• Same size as 205 series (150mm x 150mm x 40mm)

Availability

ArubaOS 6.5: Q4’FY16

ArubaOS 8: Q1’FY17

Instant: Q1’FY17

Page 17: Aruba ClearPass

Confidential – For Training Purposes Only 17

It’s cold here!!!

Page 18: Aruba ClearPass

270 Series and 228 Hardened AP Portfolio

AP-275

Integrated OmnisDual Radio 11ac 3x3:3SS

AP-274

ConnectorizedDual Radio 11ac 3x3:3SS

AP-277

Integ. DirectionalDual Radio 11ac 3x3:3SS

AP228

6 x RPSMADual Radio 11ac 3x3:3SS

Page 19: Aruba ClearPass

19

Can you work

from home?

Page 20: Aruba ClearPass

Extending Your Enterprise with Remote APs

– Light up a remote office with simple plug-and-play

– Extends corporate Wi-Fi, wired, VPN and firewall

– Easily connect printers and power VoIP phones

– Enhanced failover options with a 2nd ISP or cellular

handoff

20

Page 21: Aruba ClearPass

Cloud-based management with Aruba Central, and zero-touch

Network configured

& running4

Plug in Aruba

Instant AP or

Aruba Switch

1

Secure connection

(HTTPS) 2

Central* sends config

details to AP/Switch3

ZERO-TOUCH PROVISIONING

NO ON-SITE EXPERT NEEDED

*Now DHCP-based ZTP with 16.01

Activate-based ZTP with 16.02

Page 22: Aruba ClearPass

Confidential – For Training Purposes Only 22

How do you

manage?

Page 23: Aruba ClearPass

Flexible management choices

23

Deployment n/a Cloud

Management as a Service

no hardware, no software

On-site

Management Decentralized

Instant Clusters

Centralized Management

Instant APs, multiple sites,

multiple clusters

Centralized Management

Instant & ArubaOS APs,

Third-Party Wired & WLAN

Advanced

Capabilities

Simple Guest Wi-Fi Guest/Visitor management

with custom captive portal

VisualRF, advanced reporting

alerts & customizations

Pricing Free No upfront costs

Subscription per AP - 1/3/5yr

Tech Support included

Lower recurring costs

Perpetual SW license per

AP/Switch + recurring annual

maintenance + HW (optional)

Instant Local

Management Central Airwave

Page 24: Aruba ClearPass

Confidential – For Training Purposes Only 24

Can we Grow?

Page 25: Aruba ClearPass

Controllers scale from branch to campus

7030Large branchUp to 64 APs and up to 8Gbps throughput

Midsize branch with integrated switch12 or 24 ports of PoE+ for unified branches

Up to 32 APs

Small branchVirtualized or PoE-powered controllers

Midsize CampusHigh performance, fixed form factor

Up to 256 APs, 12 Gbps throughput

Large CampusHigh performance, redundant power/fan

512 – 2048 APs, up to 40Gbps throughput

7240

7220

7210

7205

7024 (24 PoE+)

7010 (12 PoE+)

VMC-TACT (8/16 AP)

7005/7008 (16 AP)

Bra

nc

h

Ca

mp

us

Page 26: Aruba ClearPass

26

Page 27: Aruba ClearPass

27

Page 28: Aruba ClearPass

28

References?

Page 29: Aruba ClearPass

Telecom

Services

Retail

Media & Ent

Primary Education Public Venues

Healthcare

Finance

Manufacturing

Public Transit

Government

Social & New Media

Oil & Gas Hospitality

Higher Education

Technology

Page 30: Aruba ClearPass
Page 31: Aruba ClearPass

Confidential – For Training Purposes Only 31

They are

comming!!!

Page 32: Aruba ClearPass
Page 33: Aruba ClearPass

Managing risk in today’s digital enterprise

Rapid transformation of enterprise IT

Shift to hybrid

Mobile connectivity

Big data explosion

Cost and complexity of regulatory pressures

Compliance

Privacy

Data protection

Increasingly sophisticated cyber attacks

More sophisticated

More frequent

More damaging

Page 34: Aruba ClearPass

User Behavior and the shifting perimeter

* Aruba 2015 “Running the Risk” report

30% of users lost

data on mobile

Younger users are

less responsible60% of users share

devices

Aruba, HPE 2015 Survey of 4300

Enterprises

Page 35: Aruba ClearPass

IT Solution Overload

How do I onboard personal devices?

NAC?

MDM?

MAM?

How do I keep enterprise data safe?

How do I protect my network?

What if a mobile device is lost?

How do I maintain user privacy?

Page 36: Aruba ClearPass

Internet of

Things (IoT)

BYOD and

corporate owned

Security monitoring and

threat prevention

Multi-vendor

switching

Multi-vendor

WLANs

Aruba ClearPass

Aruba ClearPass with

Exchange EcoSystem

Device Management

and multi-factor auth

Helpdesk and voice/SMS

services in the cloud

REST API / Syslog

Page 37: Aruba ClearPass

Aruba ClearPass

37

The most comprehensive BYOD and IoT management platform

• Role-based network access enforcement for Wi-Fi, wired

and VPN

• Supports NAC and Microsoft NAP posture and health

checks

• Advanced reporting of all user activity, authentications and

failures

• Device onboarding, profiling, guest access, and

compliance reporting

• Enterprise-grade AAA, including RADIUS/TACACS+,

802.1X and non-802.1X services.

Page 38: Aruba ClearPass

38

Page 39: Aruba ClearPass

39

Can I use my

device?

Page 40: Aruba ClearPass

40

• Automate device provisioning for secure BYOD (Data about devices

from Active Directory and LDAP)

• Issue unique certificates for every mobile device - SCEP and EST

(RFC 7030)

ClearPass Onboard: Automated device provisioning for secure BYOD

Page 41: Aruba ClearPass

41

Page 42: Aruba ClearPass

ClearPass OnGuard

42

Page 43: Aruba ClearPass

43

Page 44: Aruba ClearPass

44

Page 45: Aruba ClearPass

T-SystemsCustomer story, T-Systems

High Visibility,

Managed Service

– ThyssenKrupp is their 1st

customer

– Use of AAA, Guest, Onboard

and OnGuard with multiple

expansion opportunities

Page 46: Aruba ClearPass
Page 47: Aruba ClearPass

47

Can we do

something for

marketing?

Page 48: Aruba ClearPass

48

Page 49: Aruba ClearPass

AOS8 : Multiple tenants on the same access point with MultiZone

LoCtrl2

CSw1 CSw1

LoCtrl1

Aruba 7200Mobility Controller

Aruba 7200Mobility Controllers

Network A Network B

• Requires Mobility Master and AOS8

• SSIDs terminate on different controllers to

ensure physical separation of traffic flows

• Efficient use of Wi-Fi resources and reduced

cost of AP hardware deployment

Page 50: Aruba ClearPass

Offer significant cost savings to

operators of public venues, by

eliminating use of separate Wi-Fi

systems

MultiZone: Use Cases and Benefits

Airport

Shopping Mall

H&MPrivate Wi-Fi

Levi’sWi-Fi

UniqloPrivate Wi-Fi

Shoppin

g M

all

public

Wi-

Fi

Public Wi-FiSecurity Wi-Fi

British Airways Wi-Fi

United Airlines Wi-Fi

Singapore Airlines Wi-Fi

Air France Wi-Fi

Give additional Wi-Fi

sponsorship opportunities to

your existing customers in

public venues

Page 51: Aruba ClearPass

Traffic Pattern Analytics Enabled by ALE

Presence (Inside Venues / Conference Rooms)

Capture Rates (Inside versus Walk-Bys)

Dwell Times by Geofence

Repeat versus New Visitors

User Classification (Employees versus Guests)

Page 52: Aruba ClearPass
Page 53: Aruba ClearPass
Page 54: Aruba ClearPass

70,000seats

10.3 TB offloaded

Page 55: Aruba ClearPass
Page 56: Aruba ClearPass

Access Points and Blootooth navigation

56

Typ

e A

Typ

e B

Typ

e C

Typ

e D

Typ

e E

Typ

e F

Page 57: Aruba ClearPass

Non-intrusive beacon setup

57

Page 58: Aruba ClearPass

Wayfinding

58

Page 59: Aruba ClearPass

In seat delivery & Express Pickup

59

Page 60: Aruba ClearPass

Video replays; App optimization; content management…

60

Page 61: Aruba ClearPass

http://www.levisstadium.com/stadium-info/stadium-app/

Page 62: Aruba ClearPass

….

HOW WE DID IT…

Page 63: Aruba ClearPass

63

Page 64: Aruba ClearPass

Thank [email protected]

64Confidential – For Training Purposes Only

Page 65: Aruba ClearPass